CWE-401: Missing Release of Memory after Effective Lifetime
Description
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
Submission Date :
July 19, 2006, midnight
Modification Date :
2023-06-29 00:00:00+00:00
Organization :
MITRE
Extended Description
This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release.
Example - 1
The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes:
return NULL;
return NULL;
char* buf = (char*) malloc(BLOCK_SIZE);if (!buf) {}if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {}return buf;char* getBlock(int fd) {}
Related Weaknesses
This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.
Visit http://cwe.mitre.org/ for more details.